1#!/bin/sh
2#
3# Copyright (C) 2021 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18trap "echo 3 >${exitcode}" ERR
19
20# $1 - Suite names for apt sources
21# $2 - Additional repos, if any
22update_apt_sources() {
23  # Add the needed debian sources
24  cat >/etc/apt/sources.list << EOF
25EOF
26  for source in $1; do
27    cat >>/etc/apt/sources.list <<EOF
28deb http://ftp.debian.org/debian $source main $2
29deb-src http://ftp.debian.org/debian $source main $2
30EOF
31  done
32
33  # Disable the automatic installation of recommended packages
34  cat >/etc/apt/apt.conf.d/90recommends <<EOF
35APT::Install-Recommends "0";
36EOF
37
38  # On the ARM64, allow packages from AMD64 to be installed
39  dpkg --add-architecture amd64
40
41  # Update for the above changes
42  apt-get update
43}
44
45# $1 - Output file for currently installed packages
46get_installed_packages() {
47  LANG=C dpkg --get-selections | sort
48}
49
50# $1 - File containing package selections to restore to
51# $2 - File containing currently installed packages list
52remove_installed_packages() {
53  apt-get purge --allow-remove-essential -y \
54    $(comm -3 "$1" "$2" | sed -e 's,install,,' -e 's,\t,,' | xargs)
55  rm -f "$1" "$2"
56}
57
58setup_static_networking() {
59  # Temporarily bring up static QEMU SLIRP networking (no DHCP)
60  ip link set dev eth0 up
61  ip addr add 10.0.2.15/24 broadcast 10.0.2.255 dev eth0
62  ip route add default via 10.0.2.2 dev eth0
63
64  # Permanently update the resolv.conf with the Google DNS servers
65  echo "nameserver 8.8.8.8"  >/etc/resolv.conf
66  echo "nameserver 8.8.4.4" >>/etc/resolv.conf
67}
68
69# $1 - Network interface for bridge (or traditional DHCP)
70# $2 - Bridge name. If not specified, no bridge is configured
71setup_dynamic_networking() {
72  # So isc-dhcp-client can work with a read-only rootfs..
73  cat >>/etc/fstab <<EOF
74tmpfs      /var/lib/dhcp tmpfs defaults 0 0
75EOF
76
77  # Bring up networking one time with dhclient
78  mount /var/lib/dhcp
79  dhclient eth0
80  echo "nameserver 8.8.8.8"  >/run/resolvconf/resolv.conf
81  echo "nameserver 8.8.4.4" >>/run/resolvconf/resolv.conf
82
83  # Set up automatic DHCP for *future* boots
84  if [ -z "$2" ]; then
85    cat >/etc/network/interfaces.d/$1.conf <<EOF
86auto $1
87iface $1 inet dhcp
88EOF
89  else
90    cat >/etc/network/interfaces.d/$2.conf <<EOF
91auto $2
92iface $2 inet dhcp
93	bridge_ports $1
94	bridge_stp off
95	bridge_fd 0
96EOF
97  fi
98}
99
100setup_cuttlefish_user() {
101  # Add a default user and put them in the right group
102  addgroup --system cvdnetwork
103  useradd -m -G cvdnetwork,kvm,render,sudo,video \
104    -d /home/vsoc-01 --shell /bin/bash vsoc-01
105  echo -e "cuttlefish\ncuttlefish" | passwd vsoc-01
106
107  # Enable unlimited memory locking for vsoc-01, which is needed by protected
108  # KVM, which is enabled by default on arm64 devices
109  echo "vsoc-01 - memlock unlimited" >>/etc/security/limits.conf
110}
111
112# $* - One or more device names for getty spawns
113create_systemd_getty_symlinks() {
114  for device in $*; do
115    ln -s /lib/systemd/system/serial-getty\@.service \
116      /etc/systemd/system/getty.target.wants/serial-getty\@"${device}".service
117  done
118}
119
120# $1 - Additional default command line
121setup_grub() {
122  if [[ "${embed_kernel_initrd_dtb}" = "0" && "${install_grub}" = "0" ]]; then
123    return
124  fi
125
126  if [[ "${install_grub}" = "1" ]]; then
127    # Mount fstab entry added by stage2
128    findmnt /boot/efi > /dev/null 2>&1
129    if [ $? != 0 ]; then
130	mount /boot/efi
131    fi
132
133    # Install GRUB EFI (removable, for Cloud)
134    apt-get install -y grub-efi
135    grub_arch="$(uname -m)"
136    # Remap some mismatches with uname -m
137    [ "${grub_arch}" = "i686" ] && grub_arch=i386
138    [ "${grub_arch}" = "aarch64" ] && grub_arch=arm64
139    grub-install --target "${grub_arch}-efi" --removable
140  else
141    # Install common grub components
142    apt-get install -y grub2-common
143    mkdir /boot/grub
144  fi
145
146  cat >/etc/default/grub <<EOF
147GRUB_DEFAULT=0
148GRUB_TIMEOUT=5
149GRUB_DISTRIBUTOR=Debian
150GRUB_CMDLINE_LINUX_DEFAULT=""
151GRUB_CMDLINE_LINUX="\\\$cmdline $1"
152EOF
153  update-grub
154}
155
156cleanup() {
157  # Prevents systemd boot issues with read-only rootfs
158  mkdir -p /var/lib/systemd/{coredump,linger,rfkill,timesync}
159  chown systemd-timesync:systemd-timesync /var/lib/systemd/timesync
160
161
162  # If embedding isn't enabled, remove the embedded modules and initrd
163  if [[ "${embed_kernel_initrd_dtb}" = "0" ]]; then
164    rm -f "/boot/initrd.img-$(uname -r)"
165    rm -rf "/lib/modules/$(uname -r)"
166  fi
167
168  # If embedding isn't enabled *and* GRUB isn't being installed, uninstall
169  # the tools to regenerate the initrd, as they're unlikely to ever be used
170  if [[ "${embed_kernel_initrd_dtb}" = "0" && "${install_grub}" = "0" ]]; then
171    apt-get purge -y initramfs-tools initramfs-tools-core klibc-utils kmod
172  fi
173
174  # Miscellaneous cleanup
175  rm -rf /var/lib/apt/lists/* || true
176  rm -f /root/* || true
177  rm -f /etc/cron.d/cron-run-installer-script || true
178  apt-get clean
179
180  echo 0 >"${exitcode}"
181  sync && poweroff -f
182}
183